Hi. Having read many different things about security, I am now completely confused. The bane of learning…lmao.
(btw – kinda an sql question too…but think here is more appropriate ? )
As far as I understand
1.
You can put your mysql host/username/password/user information in a PHP script as it is not possible for a user to see this information. [URL=”http://www.webdeveloper.com/forum/showthread.php?t=226195″]http://www.webdeveloper.com/forum/showthread.php?t=226195
It then stands to reason that information sought from the database via PHP is also safe from hackers.
If I am using PHP to check a users password against one stored in the database, i should be using MD5/SERIALIZE()/TLS/SSL/SHA1/.htaccess/etc etc…….
Surely if I need one/all these, then my original database access info is also at risk and the hacker could get all the db info anyway??
Am sure I am missing something, but have read to much now to know what.